Juxtaposition

I have been wrestling with my dspam configuration on Ubuntu for quite some time and think I finally got it set up the optimal way. It took building a custom modern dspam package myself, with the help of a kind soul who built a custom package for Debian etch.

I get tens of thousands of spam messages to my personal accounts each month. And there are many more going to other users at my domain. It has been getting worse recently. This primarily caused me to take more drastic action and implement realtime blackhole lists to block spam from even entering my mail system. It is absolutely stunning to see how much spam gets blocked vs. how much gets in now. I haven't calculated the stats but on a cursory look at my logs, it is well over 70% that is being dropped on the floor now.

I was having a really bad issue with dspam 3.6.8 that comes with Ubuntu. Turns out this is a very old version of dspam. 3.8.0 has been out for well before the current 7.10 release yet it is only now being looked at for inclusion in 8.04 in April 2008. Ugh. Part of the problem is that upstream Debian hasn't upgraded yet in any of their repositories -- even unstable. Reference: https://bugs.launchpad.net/ubuntu/ source/dspam/ bug/160139

Alas, I set about building my own. I found a great resource at http://packages.kirya.net/debian/pool/main/d/dspam/ that had binary builds for debian etch and the source packages. Rather than wrestle with redoing the work of applying 3.6.8 patches to 3.8.0, I started with this and it actually builds everything cleanly on Ubuntu 7.04 just fine.

First thing is to make sure you have all of the prerequisites for building packages and building dspam. dspam requires at least mysql, postgres, ldap, zlib and other libraries to build, as well as automake and other build tools.

sudo apt-get install build-essential
sudo apt-get build-dep dspam

wget http://packages.kirya.net/debian/pool/main/d/dspam/dspam_3.8.0-1.1etch1.diff.gz
wget http://packages.kirya.net/debian/pool/main/d/dspam/dspam_3.8.0.orig.tar.gz

tar xvzf dspam_3.8.0.orig.tar.gz
gunzip dspam_3.8.0-1.1etch1.diff.gz
cd dspam-3.8.0
patch -p1 < ../dspam_3.8.0-1.1etch1.diff

chmod 755 debian/rules
fakeroot debian/rules binary

cd ..
sudo dpkg -i libdspam7-drv-mysql_3.8.0-1.1etch1_i386.deb \
libdspam7_3.8.0-1.1etch1_i386.deb \
dspam_3.8.0-1.1etch1_i386.deb \
dspam-webfrontend_3.8.0-1.1etch1_all.deb \
dspam-doc_3.8.0-1.1etch1_all.deb

smtpd_recipient_restrictions =
      check_recipient_access hash:/etc/postfix/dspam_retrain_aliases,        
      permit_mynetworks,
      reject_unauth_destination,
      check_recipient_access pcre:/etc/postfix/dspam_incoming_filter,
      ....
      permit

dspam-fp@dspam-fp.example.com                  FILTER dspam-fp:innocent
dspam-add@dspam-add.example.com             FILTER dspam-add:spam

# only allow local network to post to these entries
dspam-add unix   -   n   n   -   -   pipe
    flags=Rhq user=dspam argv=/usr/bin/dspam --mode=toe --user dspam-add@dspam-add.example.com --class=spam --source=error
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=192.168.1.0/24

# only allow local network to post to these entries
dspam-fp unix - n n - - pipe
    flags=Rhq user=dspam argv=/usr/bin/dspam --mode=toe --user dspam-fp@dspam-fp.example.com --class=innocent --source=error
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=192.168.1.0/24

# Using this to block lots of non-US character set emails
header_checks = regexp:/etc/postfix/header_checks

/^Subject:.*=\?big5\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*big5/ REJECT No foreign character sets, please.
/^Subject:.*=\?euc-kr\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*euc-kr/ REJECT No foreign character sets, please.
/^Subject:.*=\?gb2312\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*gb2312/ REJECT No foreign character sets, please.
/^Subject:.*=\?iso-.*-jp\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*iso-.*-jp/ REJECT No foreign character sets, please.
/^Subject:.*=\?koi8\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*koi8-r/ REJECT No foreign character sets, please.
/^Subject:.*=\?ks_c_5601-1987\?/ REJECT No foreign character sets, please.
/^Content-Type:.*charset=.*ks_c_5601-1987/ REJECT No foreign character sets, please.
# headers with 8 special characters... spam
/[^[:print:]]{8}/ REJECT Special chars in header a no-no.

Posted by at 9:13 PM | Permalink | Comments (5) | TrackBacks (0)

I've found these fascinating and hilarious through boingboing. Here are some links to some digital photography / photoshopping contests:

DPChallenge - A Digital Photography Contest
Worth 1000 Photoshop Contests
Fark often has photoshopped photos or contests posted.

The IEEE sees the writing on the wall for CRTs: IEEE Spectrum: Goodbye, CRT I'm looking to snag some nice tasty 19" Samsungs like this at Newegg on sale this month for $179

Also, here's an op-ed by Sam Harris on the 10 myths -- and 10 truths -- about Atheism Unfortunately, the word "Atheist" is so politically charged and has so many meanings to different Atheists that I prefer to stick with "Nontheist" for now. But the tide may be changing with Sam Harris and Richard Dawkins at the forefront, and the skeptical movement picking up steam.

Posted by at 10:19 PM | Permalink | Comments (1) | TrackBacks (0)

I just finally fixed my modified Vixburg style for Movable Type so that it makes use of wider browsers. Many times, quotes or pictures or preformatted text get chopped by the small center column. I tried for hours to get a decent 3 column layout where the center column will be fluid and take up as much available space as is there, to no avail. Best I could do was set 65% as the width and that does most of what I hoped for, at least for a 1280x1024. The true holy grail is at this site, but would require me building a whole new style to match kind of what I have using this as the base http://www.glish.com/css/7.asp The right column does not flitter away underneath the content as happens with mine when the page is sized smaller. *sigh*

Anyhow, take a look at my css for my tweaks at the bottom and I hope this makes things more readable.

Posted by at 9:41 PM | Permalink | Comments (0) | TrackBacks (0)

BookMooch: a community for exchanging used books (book swap and book exchange and book trade)

I am loving Bookmooch. I've mailed out several books so far that were sitting in my basement and am going to hopefully get some good ones in return. This was a great idea that my friend Mike and I actually had in college after the annoyance of paying $60 for a book that the bookstore on campus would only buy back for a pittance; only to turn around and sell it for $60 again. I'm glad someone else coded it. Maybe I'll actually get something for those books I chose to keep rather than get loose change for. Check out my mooch link on the left nav bar: my Bookmooch list

Posted by at 11:44 PM | Permalink | Comments (0) | TrackBacks (0)

Ouch. Clever page title though: "There goes our five nines..."

Posted by at 10:42 PM | Permalink | Comments (0) | TrackBacks (0)

The National Institute of Standards and Technology (NIST) recently published a paper condemning paperless electronic voting machines as insecurable.  I'll have to read the paper in-depth to see how they came to that strong of a conclusion, but I do know that there is no research showing that a purely electronic system can be completely trustworthy.

It's amazing how far this subject has come in just a few years, yet how far it still needs to go as evidenced by the irregularities in the recent 2006 midterm election.

Slashdot | NIST Condemns Paperless Electronic Voting

Posted by at 11:58 PM | Permalink | Comments (0) | TrackBacks (0)

I've been wondering this and noting that more and more products are coming wrapped in this stuff.  I use a tchochke that I got from Tripwire that has a tiny corner of a razor blade on it to open these packages, but even then, the cut plastic package is sharper than the razor.  I've cut myself on several occasions.  The unusual shapes of the packages doesn't make it very easy to cleanly open either.

Slashdot | Plastic Packages Cause Injuries, Revolt

Posted by at 11:54 PM | Permalink | Comments (0) | TrackBacks (0)

I'm trying this right now on Edgy Eft:

po-ru.com: Fixing ffmpeg on Ubuntu

It seems one can set DEB_BUILD_OPTIONS=risky to enable the missing codecs rather than editing debian/rules and building the package manually.

sudo apt-get build-dep ffmpeg

sudo apt-get install liblame-dev libfaad2-dev libfaac-dev libxvidcore4-dev checkinstall fakeroot

DEB_BUILD_OPTIONS=risky fakeroot apt-get source ffmpeg --compile

sudo dpkg -i ffmpeg-blah.dpkg

Posted by at 12:52 AM | Permalink | Comments (0) | TrackBacks (0)

So, there happen to be these unwritten rules of style that change all the time that nobody seems to tell you about and it's hard to ask and for many, harder to know you should ask. And there are people in the work world that do judge you by your appearance, for better or worse, consciously and unconsciously.  Here is some advice that I have culled from significant others, from experience and observation in the workplace, from the advice in Esquire, and even from What Not to Wear on TLC.

• No pleated pants
Get rid of your pleated pants in favor of flat-front pants. Flat-front pants are simpler, more modern looking, make you look slimmer, and not like an old man.

• Clothes should look new and fresh
If your sweaters are pilled and your pants have wallet or knee wear marks, or the cuffs are frayed, it's time to get some new clothes. Buy something new and donate the old.

• Get pants with the proper length
If you don't know your length, get measured or fitted in a store sometime. Your pants should "break" at the ankle and continue down slightly over your shoe. If you can see your socks when standing, your pants are too short!

• Appropriate sock color
White socks are generally not going to work with any business casual attire, unless is Miami Vice white suit day, but even then you probably would be better going without socks...but I digress. The general rule with socks is they should not be noticeable! If your socks stand out, they are wrong for your outfit. I mostly wear neutral socks that match my pants to not draw attention to them. If you are wearing athletic socks with slacks you need to go to Costco and get some Gold Toe dress socks and save the nike socks for the gym.

• Your shoes tell all
They say you can tell a man by his shoes--they make or break an outfit. You can be totally put together elsewhere but if your shoes are crap, it's game over.  What do your shoes say about you? Are they tired, scuffed, worn and dirty or new, sleek, stylish and shiny? It sucks but you really should have several pairs of shoes so that you can rotate them. Avoid wearing one pair day-in and day-out so that they will last longer and look fresh when you do wear them. I've even bought two of the same less expensive pairs of shoes that I liked to keep them looking nicer longer.  Oh, and invest in a shoe brush and some instant shine pads.  Esquire recommends using black polish--even with brown shoes. 

• Wear the right size shirt
This is another one of those things you're never taught: how to know you have the right size shirt. Here's the best way to know: Where the sleeves attach to the main body of the shirt, it makes a line. That line should roughly be even with the very edge of your shoulder blade. More than a 1/4 inch past that and your shirt is probably too big. I often see this with people who wear golf shirts (even PGA pros are bad offenders. Tiger Woods does it right though). Another way to tell if your short-sleeve shirt is too big is if your sleeves extend far past your elbow. They should probably end short of your elbow if it is sized correctly. Having the right size shirt means a sharper, put-together look. Oversized shirts tend to look sloppy or overly-casual.

• Dress for the position you want, not the one you have.
Hey, I've been there where I loved being able to wear jeans and a T shirt because, hey, nobody sees me in the server room. But, if you have higher aspirations or if you interface with business folks who tend to dress nicer than you, then your clothes can be a distraction from you and your message. If anything, your clothes should be neutral or enhance your message. Beware of some managers who get nervous if their underlings dress nicer than they do, but that isn't really your problem--it's theirs for not dressing to their level in the organization!

• Skip ironing -- use the cleaners!
Nothing says sloppy like a button-down shirt that has not been ironed or is poorly ironed. The difference I found with people who truly look sharp is not just tailoring but well-maintained clothing. It is so cheap to have someone else iron your shirts and it looks 1000 times better than if you try to do it that it is well worth the investment. And you can usually get a couple of wears out of each shirt before it needs to be sent back for cleaning and ironing. I pay $0.99 / shirt. If you have nice pants, you can usually get away with ironing them yourself but professional pressing also looks a lot better and holds longer than home ironing.

Posted by at 12:30 AM | Permalink | Comments (0) | TrackBacks (0)

This is an article from a year ago that showed how each vendor was able to respond to key virus outbreaks.  They also show the data from the previous year.

I personally recommend F-Secure's product.  The base product gives you everything you need for anti-spyware and malware and is inexpensive.  It is not a huge fat pig like some of the products out there (McAfee...)  I've heard from others who enjoy Kapersky as well, so either of those would be good choices and happen to both top this list.

I also personally got rid of McAfee products after a multitude of issues:

1. The product is seriously bloated and the Security Center product seems geard toward selling other products by McAfee than providing normal users with value.
2. Many of the products in the suite are not well integrated.  They often had their own installers and were a real pain to uninstall.
3. Lots of errors resulting in having to reinstall the product (without there being an easy way to do so).
4. Their website security is horrendous.  My wife forgot her password to their site so she used their "forgot my password" feature.  Guess what?  They emailed her, not a new random password, but her _actual password_  This from a security company!  They either store passwords without encryption or store them with reversible encryption--both of which are seriously bad ideas and McAfee should know better.
5. Their suite product line is very expensive and the price seems to go up every year.  They have since reworked their product line and it seems to be better now.
6. I read the F-Secure blog and can tell those guys really get security.
7. McAfee was the company with the poor QA that removed critical Office files to "protect" you and also mislabeled a legitmate ISP software program
8. McAfee products, like Symantec, have suffered from some local privilege escalation vulnerabilities or remote buffer overflows.  The cure is worse than the disease?

Ranking Response Times for Anti-Virus Programs - Security Fix

Posted by at 11:21 PM | Permalink | Comments (0) | TrackBacks (0)

I would add a 5th item:

5. Develop Reusable Security Architectures that cover common scenarios and include appropriate protection by design

Tools are sexy; secure design is hard.  That's why you see so many tools and vendors hawking tools but not as much work.  I hear from people all the time who talk about this tool or pen testing or scanning some server or how you need to hack your wireless network to be secure.  That is a bunch of crap in general because trying to audit your way to security is bottom-up grass-roots and can only get you so far.  It's an early maturity model to be spending so much time and energy on audits and pen tests instead of security design reviews and developing security architectures.  It's a lot easier and sexier to say you hacked a wireless network.  We need to get to where it is just as cool to say you developed a wireless network security architecture such that you don't care who is connected to the wireless network because your security is not so brittle as to lose sleep over it.  Where are those reusable models made open source?

As for item #3, I don't think that I believe that there can be "quantitative" security risk management.  The biggest problem is that there is not enough good data to base future risk upon (try this:  how do you quantify risk of brand damage due to event X?). 

Item #4 is very important and speaks to ensuring security systems are usable.

CRA (Computing Research Association) Grand Research Challenges

Four Grand Challenges in Trustworthy Computing:

1. Eliminate epidemic-style attacks (viruses, worms, email spam) within 10 years;
2. Develop tools and principles that allow construction of large-scale systems for important societal applications -- such as medical records systems -- that are highly trustworthy despite being attractive targets;
3. Develop quantitative information-systems risk management to be at least as good as quantitative financial risk management within the next decade;
4. Give end-users security controls they can understand and privacy they can control for the dynamic, pervasive computing environments of the future.

Posted by at 10:47 PM | Permalink | Comments (0) | TrackBacks (0)

It's still a shitty law though.  Something else I will happily ignore to avoid my fair use rights being infringed.  Again, how could I watch DVDs (legally rented/owned) on my Linux box without doing so?

Boing Boing: Copyright Office creates 6 DMCA exemptions

the office refused to grant exemptions that would benefit the general public -- space- and format-shifting, backing up your DVDs -- and they took back an earlier exemption that let people reverse-engineer the blacklists maintained by censorware companies to bring some transparency to their process.

Posted by at 10:19 PM | Permalink | Comments (0) | TrackBacks (0)

Hey, I'm on a Linux computer and because they insist on requiring Flash to play the videos, the only way I can view them is to download them and watch them with Xine. I plan on violating their terms of service...to continue to access their service...

Lawrence Lessig: When Web 2.0 meets Lawyers 1.0

Posted by at 10:17 PM | Permalink | Comments (0) | TrackBacks (0)

Summary:  people link to bloggers that provide more original content than who just provide links to other places that do so.

Funny because I was just thinking about this regarding this blog.  I think it's cool when people enjoy what I provide on this blog, but I really don't care if people read it or not.  This is where I keep track of stories and topics that interest me, instead of saved emails or bookmarks that I never look at again.  I can always go back and find what I found interesting and what I wrote about it.  Pretty cool in my book.

My blog doesn't really have many that link to it and probably the fact that I post many links without a lot of commentary a lot of the time is a good reason why.  But I disagree that nobody links to linkers.  I personally like blogs because they act as filters or lenses that focus news and interesting content.  There are tons of blogs but I like the ones whose mix of topics coincides most with what I'm interested in.  Even if they just link to other places, that's fine with me.  It's the filtering service that is the value-add, not necessarily original content.

That said, I have anecdotal evidence that my blog only gets noticed when I post original content.  My recent entry about SOA security is a perfect example.  I also was thinking about how I like the SANS newsbites because they actually summarize the stories they link to, not just provide links (on a related note, the links in Crypto-Gram require me to go read every story that sounds interesting so I generally read fewer of them).

No-one links to the linkers at Andrew Garrett’s Mutation

Posted by at 7:03 PM | Permalink | Comments (0) | TrackBacks (0)

This is great news.  They did the same with other phones, including the e815 that I have.  Fortunately, there are ways around this to re-enable the crippled features, but they are out of reach to most consumers.  I had to buy a data cable and software on eBay to uncripple my phone.

[infowarrior] - Verizon Slapped for Crippling Bluetooth

Verizon has been getting weasely with some of its customers in California who bought its Motorola v710 Bluetooth-³capable² phone on or before January 31, 2005. Preliminary approval of the settlement was granted in a California court for a class-action suit against the company because it didn¹t accurately tell prospective customers that its Bluetooth features weren¹t what they appeared to be. Verizon said the phone ³works with a PC² but left out that part about how you can¹t wirelessly sync photos or contacts or any other files using Bluetooth.

Posted by at 3:48 PM | Permalink | Comments (0) | TrackBacks (0)

Plus recommendations on where to, and where not to, use them, based on the best use of the technology for the money without excessive wear on the lamps.

What C.F. Lamps to Use Where

Posted by at 9:17 PM | Permalink | Comments (0) | TrackBacks (0)

Google code search (kottke.org)

Find all sorts of interesting things in source code out there, or web sites running interesting code. There's a great list to get you started "Google Code Hacking".

Posted by at 9:38 AM | Permalink | Comments (0) | TrackBacks (0)

Network Neutrality Threatened In Norway

A very clear description of the Net Neutrality issue and how the claims made by those against it are baseless.

Posted by at 8:12 PM | Permalink | Comments (0) | TrackBacks (0)

Media Convert - free and on line - convert and split sound, ringtones, images, docs - MP3 WMV 3GP AMR FLV SWF AMV MOV WMA AVI MPG MP4 DivX MPEG4 iPOD OGG WMA AAC MP4 MPC MMF QCP KAR MIDI REALAUDIO FLAC JPG PSD DOC PDF RTF TXT ODG ODP ODS ODT SXW WK1 MDB X

Would only be cooler if it removed DRM!

Posted by at 5:40 PM | Permalink | Comments (0) | TrackBacks (0)

Build a Cheap and Fast RAID 5 NAS | Tom's Networking

I'm going to need to get one of those cards and a bunch of drives to augment my data server with a terabyte of RAID-5 goodness. *yum*

Posted by at 11:41 PM | Permalink | Comments (0) | TrackBacks (0)

http://www.liveammo.com Security News Blog

legal or not, this sort of spying program probably isn't worth infringing our civil liberties for — because it's very unlikely that the type of information one can glean from it will help us win the war on terrorism.

Interesting mathematical analysis of how effective the NSA domestic call-tracking spy program could possibly be.

Posted by at 2:36 PM | Permalink | Comments (0) | TrackBacks (0)

EETimes.com - 802.11n wireless gear falls short in testing

Early adopters are likely to suffer the same problems that plagued 802.11g when it first emerged.

Posted by at 1:31 PM | Permalink | Comments (0) | TrackBacks (0)

foXpose/Tabnail plugins Two thumbnail-related plugins. One creates a single index page with thumbnails of all of your open tabs that you can use to navigate with. The other creates tiny thumbnails of the open pages in the tabs themselves. Both require firefox 1.5 or higher. It may be time to try the release candidate...

Also, since my previous post, I found several other useful and promising plugins:

Wizz RSS Newsreader
DictionarySearch
Dictionary Tooltip
Fasterfox
IE Tab Buggy, but can be convenient to change rendering engine on Windows.
BetterSearch

Security and Web Development:

Leet Key
Show IP
Stealther
Tamper Data
Web Developer
Live HTTP Headers
DownThemAll!
ColorZilla

Multimedia:
VideoDownloader
Download Embedded
DownloadThemAll! I now use this instead of FlashGot.

Posted by at 1:25 PM | Permalink | Comments (0) | TrackBacks (0)

Wired News: Worst Tech Moments 2005

Not sure I entirely agree with all of these. Looks like Bush will make the 2006 list several more times given the additional illegal spying uncovered so far. A summary of the list:

• TiVo boxes betray their owners
• Commerce Department blocks .xxx domain
• PayPal blocks Katrina aid
• Space shuttle Discovery
• Bush corrupts the NSA

Here are some items that I predict for the 2006 list:

• Senator Ted Stevens': The Internet is a series of tubes
• Senator Inhofe, Charman of the Environment and Public Works committee, global warming is the greatest hoax ever
• Rewriting The Science, Scientist Says Politicians Edit Global Warming Research - CBS News
• Bush Administration: Generally anti-science (ideology trumps science/facts)

I'm sure there are many others. These were off the top of my head.

Posted by at 1:04 PM | Permalink | Comments (0) | TrackBacks (0)

Passionate condemnation of the music industry:

[IP] MUST READ Courtney Love does the math The controversial singertak

[IP] last on this topic -- Does File Trading Fund Terrorism? Successful artists not seeing any profit.

http://www.marketplace.org/play/audio.php?media=/2003/03/12_mpp&start=00:00: 20:00.0&end=00:00:27:30.0

[IP] 2 more on Does File Trading Fund Terrorism?

And to round this out, a great interview with John Perry Barlow on the evils of Digital Restriction Management Wrapped up in Crypto Bottles

And to draw in a security angle to all of this:

Security Blog

Sony rootkit debacle highlights the failure of the security technology industry: The real story, as Bruce Schneier points out - why the hell didn't any Antivirus software (or IDS for that matter), detect this software sooner? Is corporate malware going to continue to be default allow by these products? We are collectively paying these companies billions of dollars for what?

Posted by at 11:06 PM | Permalink | TrackBacks (0)

This is so cool.

Einstein's task list generator

Posted by at 11:02 PM | Permalink | Comments (0) | TrackBacks (0)

National Missile Defense System Test Fails Again This story is over a year old but there hasn't been much better news about this boondoggle since then.

Oh, we can only hope that we are attacked by drones and not real missles... Those have been the only things that have even partially been stopped by this technology (after much rigging). Very apropos since just on the McLaughlin group today there were those that actually thought we could possibly rely on this to knock a North Korean ICBM out of the sky before it hits the US west coast.

Posted by at 10:52 PM | Permalink | Comments (0) | TrackBacks (0)

Nuclear Elephant: The Motorola v710: Verizon's New Crippled Phone

I have to say that I was really annoyed to find that my Motorola E815 couldn't even share vCards between phones using Bluetooth, let alone that they disabled the advertised ability to use mp3s for ringtones, to get photos you snap onto your PC, to play mp3s, to play videos, etc.

Posted by at 10:18 PM | Permalink | Comments (0) | TrackBacks (0)

# Enabling many:one IP masquerading from the LAN to the Internet (i.e. out the $WAN interface)
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE

# port forwarding $WAN_IP:25 to $SMTP_SVR_IP:25
iptables -t nat -A POSTROUTING -d $WAN_IP -p tcp --dport 25 -j DNAT --to $SMTP_SVR_IP
iptables -A FORWARD -i $WAN -p tcp --dport 25 -d $SMTP_SVR_IP -j ACCEPT

# Making this cruft work from the intranet
# i.e. DESK_IP -> WAN_IP:25

# Bad rule:
iptables -t nat -A POSTROUTING -o $LAN -j SNAT --to-source $WAN_IP

# Good rule:
iptables -t nat -A POSTROUTING -o $LAN -s 192.168.1.0/24 -j SNAT --to-source $WAN_IP

Posted by at 6:13 PM | Permalink | Comments (0) | TrackBacks (0)

DIY external portable USB Hard drive: Just bought the Bytecc HD-201u2 enclosure. It is completely USB powered. Stick any laptop harddrive you want in there and go. Comes with a cable and a nice carry case (although the zipper is crap).

Preloading images on a page using only CSS

Grab a PDF copy of the Scriptaculous Cheat Sheet #1: Javascript effects Side note: someone really has the last name Fuchs? How cool is that?!

Windows, has a limit: a single PC can be controlled by a single “local” user (the “real” person on place), OR a single “remote” user. If someone logs into the computer from remote, the local user is disconnected. The following procedure deactivates this block and allows multiple persons to connect and to use a single computer from remote.

Posted by at 5:58 PM | Permalink | Comments (0) | TrackBacks (0)

Presentation Zen: What is good PowerPoint design?

A nice article showing several different ways of communicating the same message without overcomplicating your slides.

The blog also offers excellent insight into visual design appropriate for powerpoints or any visual marketing.

Posted by at 5:56 PM | Permalink | Comments (0) | TrackBacks (0)

DailyTech - Update: AMD Plans Major CPU Price Drops Day After "Conroe"

Guess I'll have to wait to buy my new system! I'm thinking an AMD AM2 motherboard will have the best socket longevity and that is the socket platform that AMD is putting its lower power consumption options on. Comparable CPUs run 89W or less in the AM2 version versus the Socket 939 equivalents. And even lower power consumption models are on the way.

If the prices do drop this dramatically, I'm not sure if I would buy a better proc or take advantage of the cheap price/performance option. We'll see.

Posted by at 10:14 PM | Permalink | Comments (0) | TrackBacks (0)

Plugging my own product, but what the hell, it is open source :)

AppArmor http://opensuse.org/Apparmor is an application security container technology for Linux. It lets you create application profiles
(policies) that define the files that the application can read, write, and execute. It lets you do this per-application, so you actually could allow users to upload arbitrary C/binary programs and expect them to behave as you specified. It provides an inheritance model so that you can't escape from this jail by exec'ing something fun: the child is controlled by policy too.

And for confining PHP (and PERL code run by mod_perl, and any other language interpreted in-place by Apache) AppArmor provides a change_hat API call and a mod_apparmor module for Apache, so that you can have AppArmor-style profiles wrapped around individual PHP pages and mod_perl scripts, even though they never appear in the process table.

If you find yourself between the rock of having to run some PHP or PERL code and a hard place of not trusting that code, try confining it with AppArmor, so that if/when the code screws up, it can only screw itself.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com

Posted by at 10:55 AM | Permalink | Comments (0) | TrackBacks (0)

How to Build a Low-Cost, Extended-Range RFID Skimmer

Oh, I'm definitely going to have to build one of these!!

Posted by at 11:32 PM | Permalink | Comments (0) | TrackBacks (0)

WSJ.com - 'DRM' Protects Downloads, But Does It Stifle Innovation?

Remember, DRM = Digital Restriction Management.

This is an awesome debate getting to the heart of the matter. Courtesy of BoingBoing

Posted by at 8:47 PM | Permalink | Comments (0) | TrackBacks (0)

Learning Movable Type: Creating a 3-Column Layout in MT3.2

I used the information in this tutorial as a guide for creating my 3-column stylesheet that I recently implemented across all pages on juxtaposition. Also, the Web Developer firefox plugin was invaluable for tweaking the CSS with live-preview of the results.

Posted by at 1:19 AM | Permalink | Comments (0) | TrackBacks (0)

Ubuntu Blog: Better Management of Packages while Uninstalling

HOWTO: Using debfoster in practice

Posted by at 1:17 AM | Permalink | Comments (0) | TrackBacks (0)

Just had to convert some text files from Unicode to ASCII and used Vim to do it:

Open each file and notice that vim says [converted] at the bottom, indicating that it has transparently opened the unicode file to let you edit that file.

On each file, change the file encoding setting to latin1 (basic ASCII):


:set fenc=latin1


Then save the file and it will be converted:


:wq


FYI, The vim docs note that changing the "encoding" setting does not affect existing text so that won't work.

Posted by at 4:11 PM | Permalink | Comments (0) | TrackBacks (0)

27B Stroke 6

Bizarre notepad bug that really exists. If you type a phrase consisting of a 4 letter word, then two three letter words, then a 5 letter word, save it, then reopen it, the text will be corrupted and unreadable. There is a claim that not all words cause this to occur. See the linked story for examples of what does work.

There was a great quote:

If Microsoft can't keep strange bugs out of Windows' simplest application, we'd better get used to the monthly security patch cycle.

Posted by at 12:09 AM | Permalink | Comments (0) | TrackBacks (0)

Boing Boing: Julian Bleecker's blobjects manifesto: "Why Things Matter"

This Xport device looks pretty cool. I wonder if I could meld it with my weather station to make a data logger...

Posted by at 9:52 PM | Permalink | Comments (0) | TrackBacks (0)

http://www.microsoft.com/downloads/details.aspx?familyid=eae20f0f-c41c-44fe-84ce-1df707d7a2e9&displaylang=en

This update starts the driver secdrv for SafeDisc from Macrovision at boot time to allow you to run games as a non-admin, lower-privilege user. Games that use SafeDisc otherwise require you to play the game as Administrator in order to have the rights to start the Manual service. Now, if only PunkBuster were to do the same...

Have I mentioned that DRM and copy protection sucks?

Posted by at 8:42 PM | Permalink | Comments (0) | TrackBacks (0)

Boing Boing: MSFT: Our DRM licensing is there to eliminate hobbyists and little guys

It has been freaking annoying that I can't play DRM encumbered WMA files on my Neuros or even on Linux. Now we know why: Microsoft's business practices.

Posted by at 8:29 PM | Permalink | Comments (0) | TrackBacks (0)

The big DRM mistake

Digital Rights Managements hurts paying customers, destroys Fair Use rights, renders customers' investments worthless, and can always be defeated. Why are consumers and publishers being forced to use DRM?

I have to say that DRM is really on my s*it list these days. I was excited to find out that the Seattle Public Library had three separate e-book and digital audio book relationships so you can access content without even leaving the house. However, I quickly found that one uses WMA files with DRM (which won't play on my Neuros) and the other uses a proprietary software player that somehow integrates with Windows media player. I can't even play these files on Linux, let alone on a portable media player. And I can't burn most of them to CDs to play in the car. What do they expect you to do--play hours of audio books while sitting at your PC??? Retarded.

I'm going to go back to getting the CD audio books and then ripping them so that I can listen to them on the bus on my Neuros.

Note to content producers: you are reducing the play that your clients are getting by using DRM. I will be less able to learn of new authors because it is much more of a hassle to actually listen to the content.

Posted by at 5:11 PM | Permalink | Comments (0) | TrackBacks (0)

retrievr - search by sketch

This is a lot of fun to see what search results you get. Maybe Google will pick up similar technology for Google images and video?

Posted by at 5:39 PM | Permalink | Comments (0) | TrackBacks (0)

Adventures from the Technology Underground : Catapults, Pulsejets, Rail Guns, Flamethrowers, Tesla Coils, Air Cannons, and the Garage Warriors Who Love Them: Explore similar items

Mythbusters, except encouraging "do try this at home". Will have to get this book.

Posted by at 5:36 PM | Permalink | Comments (0) | TrackBacks (0)

Allows selecting colors for web designs from a variety of schemes, such as complementary colors. Very quick to get a list of colors that go well together.

HTML Color Code Tool
Or from the source: http://www.siteprocentral.com/html_color_code.html

I would post it here, but they force you to use their HTML code and include it as an iframe.

Posted by at 5:33 PM | Permalink | Comments (0) | TrackBacks (0)

Riding Sun ENV bike at Tokyo Fuel Cell Expo

Move over Vespa. There's a new show in town and I want one of these...

Posted by at 5:22 PM | Permalink | Comments (0) | TrackBacks (0)

Current style in web design

Discussion of notable web site designs and properties of good web design.

Posted by at 5:19 PM | Permalink | Comments (0) | TrackBacks (0)

I recently finished wiring my second kitchen and wanted to document and share the tips that I've learned. I'm not an electrician so when in doubt, check your local regulations and refer to the National Fire Prevention Association's National Electrical Code (NFPA 70) But, doing your wiring yourself can save you A LOT of money. It is really not that difficult if you read up on the requirements and practice with someone who has done it before. The inspectors are generally patient with you as a DIY homeowner and will help guide you along if you ask them questions.

Kitchen minimum circuit requirements:

• Countertop outlets: Must now have two independent 20A circuits. Not required but recommended is to alternate the outlets on a counter on both circuits to keep outlets in one area from going out if one device overloads the circuit.
• Microwave: must be on its own dedicated 20A circuit. This is an absolute must these days when most microwaves are at least 700W (mine is over 1000W) and this will often blow the circuit.
• Dishwasher: should be on its own dedicated 20A circuit. It is not required that it be hard-wired and can be handy to put an appropriately-sized gauge plug on the dishwasher so you can just plug it into a receptacle. Best to get a flat plug since there isn't much available room behind a dishwasher for a standard plug.
• Refrigerator: should be on its own dedicated 20A circuit, but this is not required. It is acceptable to dangle this off of one of the two countertop outlet circuits
• Disposer: Also should be on its own dedicated 20A circuit, but not required. I prefer to use a switched receptacle for disposals so that the other receptacle is available for a hot water tap or future devices.
• Lighting: Cannot be on the same circuit as any outlets. The thoughts are that if you blow the outlet circuit, it is safer to keep the lights on!

Other things to be aware of:

• Receptacles:
• Any appliance outlet in the kitchen within 6 feet of a water source must be GFCI protected.
• Be careful not to wire outlets that should be non-GFCI downstream and in series with GFCI outlets or if an upstream GFCI trips, you will kill the remainder of the circuit leg too. If you need to put others on the same circuit, wire them in parallel or run a parallel separate power lead from the incoming feed source.
• Some appliances with motor loads can trip GFCI circuits, such as dishwashers or refrigerators. You should likely not make those GFCI protected.
• You're not supposed to hang anything else off of kitchen countertop outlet circuits, especially in other rooms. You can get away with this in a remodel sometimes, as I had to deal with an existing bad situation.
• Any counter wall space of at least 12" needs to have an outlet installed on it.
• Countertop outlets are typically placed 6" to center above the finished countertop height (which is 36" these days)
• Receptacles: It is recommended to avoid push-in outlet terminals even where available since they are not as reliable as screw-down terminals and can cause overheating and fire in the long-run. Make sure to tighten down the screw terminals for the same reason. My 50 year-old house used the screw terminals but several wires were not tightened and the switches were quite warm because of it.
• Switch height is typically 48" to the center of the box from the finished floor. It's best to check with existing switches in a remodel and just match that height for aesthetics.
• Be advised that for some jobs the inspectors may require you to bring other things up to code even if they aren't part of your permitted work. For example, on my last kitchen remodel project, I had to install at least two 20A outdoor outlets, one near the front and one near the rear door since code requires this so that you aren't tempted to overload interior circuits with outdoor equipment.
• Be careful to provide maintenance switches for appliances that are hard-wired. The circuit panel breaker does not count as a switch unless you equip it with a breaker lock to keep someone from accidentally turning it back on while you're working on the appliance/circuit
• Outlets to bedrooms now are required to be served by AFCI (Arc Fault Circuit Interrupters). These are designed to detect arcing that can cause fires so are a safety precaution.
• There is a bit of excessive requirements in the NEC, alot of it designed less for safety than for other things like accessibility and maintainability and ensuring licensed electricians don't do silly things like wire all of your outlets on one circuit anymore. At the same time, there are some things that the NEC lets slip that I would not, as a security professional, rely on even if you can get away with it because the design is brittle. And with safety, I'd prefer to not have a brittle protection system. One of those is that you can technically install one GFCI outlet at the beginning and chain multiple outlets downstream in series from that one and that is sufficient to meet GFCI protection. I don't know about you, but that is asking a lot of that one outlet. And GFCI circuits are not necessarily reliable forever. Why do you think they have a test button on them that you are supposed to use periodically? I prefer to use GFCI receptacles on every outlet that should be GFCI protected so that there is some failover protection. I also prefer to install a GFCI circuit breaker if all outlets on the circuit should have GFCI protection since the breaker is more reliable in general than the individual outlets. Multiple layers of protection. I got inspectors asking me why I did this but it's a bit of extra protection where it is needed most and does not cost a whole lot more.
Make all connections that will have wire nuts attached mechanically sound with pliers before using wire nuts. Don't rely on the wire nuts alone to hold the wires together! I've seen grounds pop out this way and leave outlets unprotected.
• Running wires
• Wires running through walls should be 1 1/4" back from either face of the stud for safety. Use metal nail plates to protect the wires
• All junction boxes have to remain accessible so don't enclose them in a wall.
• Wires need to be stapled within 8 inches of entering a box and at least every 48 inches. More staples are better.

Here's what I've just put into my kitchen as an example:

two 20A countertop outlet circuits. Refrigerator branches off of the incoming power of one of the circuits.
one 20A non-countertop outlet circuit
one 20A dedicated dishwasher circuit
one 20A Disposer circuit. Low voltage transformer and range hood (only 3A max draw) come off of that circuit.
one 15A lighting circuit for the recessed cans
one 30A electric range circuit
one 20A dedicated microwave circuit

Inspections

Here are the required inspections since this is not apparent to the layperson doing this for the first time:

1. Cover (aka Rough-in): Once you have installed all of the boxes, run all of the wire, and "tailed out" all of the grounds at least, call for this inspection. The inspectors will want to make sure you pigtailed all of the grounds before signing off. You can also pigtail any other necessary connections as well before now. You can essentially hook everything up by this point except turning on the power and connecting receptacles, switches, etc. You cannot put insulation or drywall up until this is done. If you do, they may make you rip it out to see what's beneath...
2. Final: After everything has been completed and all of the lights and receptacles are hooked up and the power has been turned on, they will want to come back and do some tests. They will check the polarity of all of the outlets so be sure you check this first. You need to be sure to hook the black (hot) only to the brass screws! The other big thing they will check for is whether the GFCI circuits actually work. Miswiring GFCI outlets can render them worthless so be prepared for this.

Here are a couple of helpful resources:

Codecheck.com and also this checklist.

Posted by at 5:18 PM | Permalink | Comments (4) | TrackBacks (0)

mininova : the ultimate bittorrent source!

Hours and hours of entertainment, not all of it legal.

Posted by at 5:04 PM | Permalink | Comments (0) | TrackBacks (0)

MAKE: Blog: MAKE's Mostly Under $100 Gift Guide 2005!

What a cool list. I'm sure I'd enjoy anything on this list--even the PVC pipe (I do have a kitchen remodel coming up...)

Posted by at 10:22 PM | Permalink | Comments (0) | TrackBacks (0)

EFF: DocuColor Tracking Dot Decoding Guide

This is a breakthrough. It has been rumoured for years that printers and copy machines include secret codes on documents to track them back to the source machine but the EFF now has real evidence and even tools that you can use to perhaps decode your printer's secret tracking information.

This guide is part of the Machine Identification Code Technology project. It explains how to read the date, time, and printer serial number from forensic tracking codes in a Xerox DocuColor color laser printout. This information is the result of research by Robert Lee, Seth Schoen, Patrick Murphy, Joel Alwen, and Andrew "bunnie" Huang. We acknowledge the assistance of EFF supporters who have contributed sample printouts to give us material to study. We are still looking for help in this research; we are asking the public to submit test sheets or join the printers mailing list to participate in our reverse engineering efforts.

Posted by at 10:33 PM | Permalink | Comments (0) | TrackBacks (0)

Some interesting results found in a study of 2000-2004 election data.

We first show that there is a positive correlation between use of touch-screen voting and the level of electoral support for George Bush. This is true in models that compare the 2000-2004 changes in vote shares between adopting and nonadopting counties within a state, after controlling for income, demographic composition, and other factors. Although small, the effect could have been large enough to influence the final results in some closely contested states.

They also found:

Touch-screen voting could also indirectly affect vote shares by influencing the relative turnout of different groups. We find that the adoption of touch-screen voting has a negative effect on estimated turnout rates, controlling for state effects and a variety of county-level controls.

Posted by at 8:30 PM | Permalink | Comments (0) | TrackBacks (0)

Security Scoop - NSI Watercooler Stories - BankInfoSecurity.com

This seems consistent with what I've seen in spam that comes into axley.net. Spammers and scammers are the scourge.

Top 5 Spam Categories Named Drum roll please … it’s time to reveal the top five categories of junk e-mail, as tracked by security firm Sophos. The big winner for 2005 so far is medication/pills, which accounts for 41.4% of all spam reports. Next are mortgage offers, which clocked in with 11.1%. That old favorite pornography took the third spot, with 9.5%. Stock scams are growing fast, Sophos says, accounting for 8.5% of all spam thus far this year. In fifth were product-related spam messages, with 8.3%. The remaining 21.2% fall into the “other” category.

Posted by at 10:14 AM | Permalink | Comments (0) | TrackBacks (0)

I thought it would be good to document the Firefox extensions that I find invaluable:

All-In-One Sidebar
A much nicer integration of common configuration options with the FF GUI at the ready. Also, lets you load up two different pages side-by-side or the source code to a page right next to the site, etc.

Download Statusbar
I find the firefox download manager separate dialog box kind of annoying. This extension shows all download progress right in the statusbar so you don't have to watch multiple windows to track download progress.

FlashGot
This integrates firefox with any currently-installed download manager to quickly perform mass-downloads on pages with a nice right-click context menu.

NoScript
This is a must-have for security. NoScript allows you to set fine-grained policy on which sites you permanently or temporarily allow to run javascript. You can also use this to block Macromedia flash, but I prefer the Objection extension instead to manage the Local Shared Objects.

Scribe
Lets you save long form textbox entries locally so that you don't lose them before you submit them. Very handy for blogging or submitting tech support or forum posts and being safe from the "back button" or your browser crashing and losing your posts. No more need to edit in Vi or Notepad and then paste into the site!

Objection
Allows you to control Macromedia Flash cookies from the privacy settings window.

On Windows:

IE View
Adds a new right-click context menu item that will let you easily launch those pesky IE-only websites that don't show up in Firefox. Yes, there still are some of those around, unfortunately. Hopefully the launch of IE7 will force many to clean up their sites to the latest standards.

Posted by at 8:34 PM | Permalink | Comments (1) | TrackBacks (0)

HP has several printers where they provide huge driver downloads of 75-350 megabytes but none of them come with a network INF installer (you can look in autorun.inf and see references to Drivers/Network but those directories aren't there)

Two printers that I know have this problem are the:

HP PSC 750xi
HP PSC 1210xi

I run a linux print server so I want to connect the printers to the linux box and share them out via IPP provided by CUPS. This requires some software gymnastics on Windows because the typical HP drivers expect the printer to be plugged directly into the local USB cable, not served out over IPP. I saw similar problems of other HP users when they tried to use Windows printer sharing to remote computers on a network.

I have been able to get the latest 750xi driver to install on an IPP printer by pointing to the right INF file in the HP printer driver directory (c:\Program Files\Hewlett-Packard\AiO\hp psc 700 series) after installing the huge software package on the windows box. I never had to plug the printer into windows.

Now, the PSC 1210xi is another story. I had to download the 160 megabyte driver/software package from the HP website and install it as if I were installing the printer locally. However, I could not get any of the INF files to work.

I found the solution on the Internet is to find this section in the win98 INF file (hpoupdrx.inf) and comment out the line with a semicolon:

[ControlFlags]
;ExcludeFromSelect=*

This is what prevents windows from showing a listing of compatible printers when you point to this INF file.

Then, add your network printer and select Have Disk... for the driver. Navigate to c:\temp\HP All-in-One Series Web Release\enu\drivers\win9x_me and the hpoupdrx.inf will show up. When you select this, a list of the printers supported by the driver will show up and you can then select the right driver and proceed and windows will not be the wiser.

This was installed on win2k without any problems.

Posted by at 10:25 AM | Permalink | Comments (0) | TrackBacks (0)

20 questions: AI style

This is pretty freaky that a computer can guess what you are thinking...

20Q.net is an experiment in artificial intelligence. The program is very simple but its behavior is complex. Everything that it knows and all questions that it asks were entered by people playing this game. 20Q.net is a learning system; the more it is played, the smarter it gets.

Posted by at 9:42 PM | Permalink | Comments (0) | TrackBacks (0)

Aiwa HP-CN6 Noise-cancelling headphones. Get them at amazon.com for super cheap. I compared these to the $299 Bose and it was a very easy decision. There is not $270 more noise cancelling in the Bose headphones.

When trying them on and comparing them, be aware that the over-the-ear designs block more noise just without having them turned on. So, account for that difference in your testing.

I often use mine at work to cancel out the subconsciously irritating ambient noise and they are indispensable on airplanes.

Inspired by "Cost Reduction" Headphones

Posted by at 7:47 PM | Permalink | Comments (0) | TrackBacks (0)

The technical details of how to find your local traffic feed are at http://ejohn.org/blog/traffic-conditions-data/

It's pretty easy to set up your own URL. Here's one for Seattle that I'll have to put on my blog somewhere...

Posted by at 10:03 PM | Permalink | Comments (0) | TrackBacks (0)

Gotta love brit humor! This is great tongue-in-cheek commentary at its best.

The background: News.com UK published details about Google's CEO using public information found on...Google (aka Google hacking). Google wasn't happy about this, so they banned Google employees from speaking to News.com reporters for a year. Absurd!

But, fortunately, ZDNet UK has apologized for the whole matter, although it is covered with loads o' sweet syrupy sarcasm.

ZDNET.UK's "apology" to Google

Clearly, there is no place in modern reporting for this kind of unregulated, unprotected access to readily available facts, let alone in capriciously using them to illustrate areas of concern. We apologise unreservedly, and will cooperate fully in helping Google change people's perceptions of its role just as soon as it feels capable of communicating to us how it wishes that role to be seen.

Posted by at 7:40 PM | Permalink | Comments (0) | TrackBacks (0)

broadband Speed Interpretation

Just upgraded from 1.5mbps / 768kbps to 7mbps / 892kbps. Yum.

2005-07-19 21:32:27 EST: 4427 / 719
Your download speed : 4533441 bps, or 4427 kbps.
A 553.3 KB/sec transfer rate.
Your upload speed : 737104 bps, or 719 kbps.

Posted by at 6:36 PM | Permalink | Comments (0) | TrackBacks (0)

A great HOWTO: Vim as XML Editor

I'm not sure I'll give up a GUI for XML editing, but you can do quite a lot with VIM that many GUI XML editors can't.

Posted by at 9:39 AM | Permalink | Comments (0) | TrackBacks (0)

Scribe, Mozilla Firefox Extension looks like a handy extension to add to Firefox. How many times have you lost a long textarea posting? No more typing in VIM or Notepad and then pasting into the web. No need to constantly save to the server to avoid losing text.

Example given uses movable type... I'll definitely be checking this out.

UPDATE: I just lost a great posting due to accidental hitting the back button... Aargh.

Posted by at 11:04 AM | Permalink | Comments (0) | TrackBacks (0)

So, like everyone, I get a LOT of spam. Over the past year (May 15 2004 - May 3 2005), I have received and processed a total of 120878 emails.

Here is how the mail I received breaks down:

notspam (ham): 14092 (11.7%)
probably-spam: 76925 (63.6%)
suspected-spam: 29154 (24.1%)

The statistics are somewhat misleading. I switched in August of 2004 to calling all mail marked over a particular spam threshold "probably spam" and suspicious mail as "suspected spam", when before everything was "suspected spam". So, until I do further analysis, the suspected spam pot is a bit fuller than it should be.

What this shows is that only about 12% of my email is legitimate, leaving the other 88% as mostly, well, crap. The legitimate mail will actually a bit higher because some of the mail that gets quarantined as suspected spam is actually legitimate, but not all of it. I have to look at mail that falls into the suspected spam bucket and retrain bogofilter if the mail is really spam or legitimate (in which case, I set up a new whitelist entry)

The spam solution that I have today works very well. It is a combination of a whitelist along with Bogofilter in tri-mode so that Bogofilter tags mail as either notspam, suspicious, or pretty sure it's spam. A solution with just Bogofilter was still fairly accurate, however, false positives were unacceptable to me. Also, it is a chore to weed out the wheat from the chaffe with the volume in spam compared to the very infrequent false positives. So, a whitelist turned out to be a necessary evil to keep known legitimate mail from making it into the spambucket (which, with bogofilter, until you correct the database, can negatively impact every future spam decision)

Bogofilter relies on a 72 megabyte database of spam tokens, generated from hundreds of thousands of spam messages that I have kept since 1997 (about every single spam I have ever received from every mail account I've had).

False negatives used to be a problem until I got my bogofilter database properly tuned and caught many classification errors that were made that I had missed that were throwing off the classifications. My Bogofilter database is now 72 megabytes and works a lot better than the old 17 megabyte list from long ago. All in all, it is a great solution.

Posted by at 8:52 PM | Permalink | Comments (0) | TrackBacks (0)

20Q.net

Select the "Think in english" link to proceed in english. This is an automated 20 questions that is very good at guessing what you are thinking of. Haven't seen this in some time but got sent the link recently.

-J

Posted by at 9:25 PM | Permalink | Comments (0) | TrackBacks (0)

Courtesy www.fiercewireless.com

If this is true, this is really sad. I know the mobile phone industry would just love to keep charging exhorbitant rates for worse-than-midi ringtones to counteract the trend of them becoming commodity carriers for wireless voice, but to go this far -- hindering technology growth and restricting use of their mobile data networks -- is the wrong move. It took the public Internet to launch the explosion of new technology, services, etc. The variety and growth in technology that exists on and over the Internet today would not have occurred if the only game in town was still the AOL or Compuserve network -- just to offer a historical analogy.

Rumor Mill: Who is trying to kill the iTunes phone?

Motorola was supposed to launch the much-hyped iTunes phone yesterday at CeBit. The company, however, cancelled its launch at the last minute reportedly after a secret phone conversation with a carrier or carriers. Supposedly, the carrier(s) in question was not excited by the prospect of a handset that could access iTunes content, but that didn't include them in the revenue share. So, the rumor goes, the carrier in question bascially said they would not carry the iTunes phone, forcing Motorola to pull back on its launch plans. Many claim that carriers are working to block Motorola's iTunes phone outright in favor of their own mobile music services. Some insiders claim that carriers are more interested in owning the mobile music process and that they do not want to have to compete with Apple's iTunes platform for revenue.

Rumor Mill: Is Motorola trying to cover up the iTunes phone story?

Motorola yesterday said that, contrary to rumors, the iTunes phone was delayed not because of carrier worries but because of issues with its partner Apple Computer. At a press conference at CTIA, Motorola's mobile phone head, Ron Garriques, told reporters that the iTunes phone's sudden disappearance last week at CeBit was due to differences in the two companies' approach to marketing. Garriques blamed Apple for trying to launch the handset too soon. He claimed that Motorola delayed the device because it was not ready for the market. Garriques also added that an iTunes phone will make it to market in the second half of the year.

Insiders at CTIA dimissed Garriques' comments, claiming that the rumors that broke at CeBit were likely the true version of the story -- i.e., that carriers killed the iTunes phone because they fear Apple will dominate the mobile music market and because the iTunes phone does not support over-the-air music downloads.

See also Motorola: iTunes phone no-show due to Apple

Posted by at 8:45 PM | Permalink | Comments (0) | TrackBacks (0)

Sorry for not keeping up. Been enjoying the summer too much!

Anyhow, I thought that my experience in trying to get openLDAP 2.0.x working with TLS would be of interest to someone because the solution was so orthogonal it is unbelievable.

I have working OpenLDAP servers with TLS on two other machines so was baffled when I tried /etc/rc.d/init.d/ldap start and got [FAILED] with a very similar configuration to the others. Permissions on the TLS files are very finicky so I tried tweaking those--but nothing was working. I tried strace on the slapd binary but that did not offer any clues. I was able to get it to work by running slapd in debug mode on the command line, but in that mode it was ignoring the -u ldap so was running as root. So that told me there was some sort of permissions problem. But where?

Continue reading "OpenLDAP/OpenSSL stupidity" »

Posted by at 10:51 PM | Permalink | Comments (7) | TrackBacks (0)

This does not look good for Netflix, which is too bad. They have been a great service.

Excite News

After a seven-month trial, Wal-Mart Stores Inc. has begun full-scale operations in its online DVD rental business, hoping to catch up with market leader Netflix Inc. (NFLX)

Customers order the movies online. Wal-Mart sends them from six distribution points, reaching 90 percent of the nation within two days, the company says.

Posted by at 10:10 AM | Permalink | Comments (0) | TrackBacks (0)

" This museum is a celebration of fascinating devices that don't work. It houses diverse examples of the perverse genius of inventors who refused to let their thinking be intimidated by the laws of nature, remaining optimistic in the face of repeated failures."

A truly fascinating site.

The Museum of Unworkable Devices

Posted by at 4:37 PM | Permalink | TrackBacks (0)

Like 'click-through' or 'clickwrap' licenses before, Lawrence Lessig publishes what may be described as an 'e-mail through' or 'e-mail wrap' license:

welcome spammers

Posted by at 10:34 PM | Permalink | TrackBacks (0)

New Scientist

"The world's first brain prosthesis - an artificial hippocampus - is about to be tested in California."

This is the result of black-box testing the hippocampus--the part of your brain that encodes "experiences so they can be stored as long-term memories". It has proven to be elusive to its exact workings, but by treating it as a black-box and mimicking its response to inputs, scientists were able to devise a mathematical model that they could program onto a chip which could replace a malfunctioning hippocampus.

Some of the ethical issues are discussed in the article as well.

Posted by at 7:58 PM | Permalink | TrackBacks (0)

A slashdot article about a book (see below) researching whether the sci-fi Space Elevator could be practically manufactured is out:

This is some of the fruits of ongoing NASA-sponsored research.

What is a Space Elevator, you ask? A superstrong elevator "shaft" stretching from earth and anchored to a geosynchronous satellite in outer space that an elevator would ride upon to carry payloads outside of our atmosphere.

"carbon nanotube fibers are both strong and light enough that a 100,000 km elevator, constructed of a 2m wide carbon nanotube "ribbon," could be constructed in 10 years for a cost of US $6 billion, and be capable of lifting a 13-ton payload to geosynchronous orbit once every few days. If feasible, it would present a stunning breakthrough in space accessibility, and likely usher in a new age of space development and exploration."

Slashdot story

Posted by at 7:48 PM | Permalink | Comments (0) | TrackBacks (0)

Cool!

InfoWorld:� Toshiba prototypes methanol fuel cell for laptops:� March 05, 2003:� By� Gillian Law:� End-user Hardware

Posted by at 7:40 PM | Permalink | TrackBacks (0)

BlackBox Voting is reporting on a whistleblower lawsuit filed here in Washington state by a software engineer against his former employer VoteHere. He alleges that he was wrongfully terminated to silence his complaints while third party "certification" of the VoteHere system was being conducted. The lawsuit enumerates many of the system's flaws that he documented in defect reports. It is a must-read.

In other unbelievable news, Santa Clara County, CA and Collins County, TX both voted for electronic voting machines without paper audit trails against all sound advice from experts around the world. Santa Clara County reportedly cited the same kinds of "certifications" as evidence that the system is okay without the voter verifiable audit trail.

Posted by at 10:13 PM | Permalink | Comments (0) | TrackBacks (0)

[IP] Pondering Value of Copyright vs. Innovation

"Technology scholars, business leaders and policy makers gathered at California
conferences this weekend to argue whether a mismatch between two different technologies and the legal policies that govern them could inhibit free expression and innovation. "

""We have ceded too much power to copyright owners," said Ms. Lofgren, who plans on Tuesday to reintroduce a bill that would amend the 1998 law. "People are afraid to proceed on innovative measures.""

Posted by at 1:13 PM | Permalink | TrackBacks (0)

Seth Finkelstein has details on a troubling case about someone in Chester county in the UK complaining to google about a site run by someone calling themselves "Chester the Molester" as an illegal paedophile site that they found by searching for "Chester Guide" on google. The site, in fact, was not illegal at all but a list of "sick humor" that included a link to a humor article entitled, "Chester's guide to: picking up little girls".

So, all it takes is for someone to make a complaint, for google to not really research it, and you can get someone's site removed from google's cache.

[IP] Google removal - Chester's Guide to Molesting Google

Posted by at 8:53 AM | Permalink | TrackBacks (0)

Senator Ron Wyden (D) from Oregon is pitching a simple idea to lead to a market-driven solution to the DRM problems being imposed on consumers: to require music companies to disclose to consumers the restrictions they will impose on the consumer's use of the product.

"When customers know, for example, that the compact disc they're buying is technologically rigged so they can't rip MP3 files from it for use on a portable player, they won't buy it. Eventually, these informed customers will demand change in the copyright laws."

[IP] Truth in labeling

Senator Seeks Full Copyright Disclosures

Posted by at 8:51 AM | Permalink

Wow. This may help spur other cost-conscious companies (perhaps my employer too) into making the switch.

"Currently, our order management, customer transaction information, manufacturing flow, and software downloads (as a part of our build-to-order manufacturing process) all involve Sun-based Unix systems. But that's all being moved to Dell-based systems running Red Hat Linux and Oracle 9iRAC. So far, 14 Sun systems are gone and the plans are to complete the 'Sun setting' exercise this year."

Dell, Sun execs trade jabs over Unix viability

Posted by at 10:31 PM | Permalink

From RISKS 25.57.

I have friends who dive and hope to get certified myself soon so this is of particular concern.

Date: 17 Feb 2003 05:35:20 -0800
From: tom.race@skipton.co.uk (Tom Race)
Subject: Scuba diving computer recall

[See also Risks in scuba equipment, Carl Page, RISKS-21.41]

In simple terms, a dive computer monitors the amount of nitrogen
dissolved
in the diver's blood. Typically worn like a wrist watch, it tracks the
diver's depth and calculates the absorbed nitrogen according to a
mathematical model of the human body's various tissues.

If a diver surfaces too quickly with too much nitrogen in the body it is
released as bubbles within the blood or tissues, potentially causing
injury
or death through Decompression Sickness (DCS). Divers typically rely
heavily on a computer to tell them when to surface to avoid DCS.

The manufacturer below is being sued over the mathematical model, which
has
a faulty assumption, or more likely a complete oversight. The model
embedded in this computer assumes that the diver on the surface
continues to
breath whatever gas mixture they were diving with. When the diver is
using
nitrox, a gas mixture containing extra oxygen and therefore less
nitrogen
than air, the computer will assume that they are releasing nitrogen at a
higher rate than reality. Over several dives and several intervals on
the
surface, the state of the mathematical model and the diver's actual
nitrogen
levels may become seriously different, and in the 'wrong' (more risky)
direction.

A failure of requirements specification or code inspection? The lawsuit
refers to a 'manufacturing defect'.

I have an interest, since I have a nitrox computer from the same
manufacturer. Fortunately mine is more recent, and I have not used it
for
gases other than air.

Tom Race

Continue reading "Scuba diving computer recall" »

Posted by at 10:57 PM | Permalink

What to buy...

For my birthday, I'm looking to buy myself a digital music jukebox player/recorder. There are plenty of options, but none of which meet all of my requirements.

I'm going to play the wait-and-see game for a while. There are some new Minidisc players coming out that are candidates as well, although the tradeoff is smaller capacity to get a smaller form factor and jog-proof mechanism.

The most promising product is the Neuros, although some poor design decisions, including only providing USB 1.x support, may kill this one before it gets started. The promise for me is the ability to have both a memory-based player and a hard-drive based player in one. I could take it to the gym without the hard disk pack, but still be able to add the disk for roadtrips or just the daily commute. The built-in FM transmitter is another great feature.

PC Firewire iPod
Creative Nomad Jukebox Zen
Creative Nomad Jukebox 3
Neuros
Archos Jukebox Multimedia 20
Bantam Interactive BA1000

Posted by at 6:14 PM | Permalink | Comments (0)